Personally I think it is a matter of your own business. How is the relationship with your customer? How much work did you spend? Etc. etc. etc.

When I read everything I hear 2 things.

1. register_globals does not have to be insecure. But I see that you already did the work so that is past station.
2. Some say that you should design a secure website from the beginning. Well, times have changed and what was considered secure 7 years ago is at this moment not secure, so that would be an interesting discussion. If I had my house secured 7 years ago I think most burglars would laugh at it now. Also scripts need maintenance; look only at the amount of security patches Microsoft launches for Windows.

But I see several options.

1. You contact your customer and explain. You will have to admit that you did something that is considered not secure at this moment. And knowing some of my customers you are in for a ....... discussion.

Personally I don't think that you are obliged by law to correct 7 year old software for free. So it all comes down to your feeling and relationship with your customer.

One tricky part in the discussion is that you were able to "define globals on again in .htaccess", so if I was the customer and I had to pay for it I would have liked to be able to choose, before you did the work, if I needed to pay for it.

Greetings,
Jan Frits

-----Original Message-----
From: Lamp Lists [mailto:lamp.lists@xxxxxxxxx]
Sent: Wednesday, January 07, 2009 3:08 PM
To: php-general@xxxxxxxxxxxxx
Subject: redoing website after 7 years

Hi guys,

I did a php/mysql based website for one of my clients 7 years ago, at a time when register_globals was on by default. The hosting company upgraded the server to php5/mysql5 and turned globals off. The site doesn't work any more. I can define globals on again in .htaccess but would rather not because it could be a big risk. To make it work again I have to spend a lot of hours modifying the code. Boring job.
But I'm more concerned: does the client have to pay for the changes/upgrade or is it still "my obligation"? Has anybody had a similar experience?

Thanks for any help.

ll

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php